linuxfabrik.lfops.ipagroup

Manage FreeIPA groups

Synopsis

  • Manage FreeIPA groups

Available since LFOps 6.0.0.

Optional Parameters

action

  • Work on group or member level
  • Type: String. One of member, group.
  • Default: group

description

  • The group description
  • Type: String.

external

  • Allow adding external non-IPA members from trusted domains
  • Type: Bool.

externalmember

  • List of members of a trusted domain in DOM\name or name@domain form. Requires "server" context.
  • Type: List.

gid

  • The GID
  • Type: Number.

group

  • List of group names assigned to this group.
  • Type: List.

groups

  • The list of group dicts (internally gid).
  • Type: List.
  • Subkeys:

    • description:

      • The group description
      • Type: String.
    • external:

      • Allow adding external non-IPA members from trusted domains
      • Type: Bool.
    • externalmember:

      • List of members of a trusted domain in DOM\name or name@domain form. Requires "server" context.
      • Type: List.
    • gid:

      • The GID
      • Type: Number.
    • group:

      • List of group names assigned to this group.
      • Type: List.
    • idoverrideuser:

      • User ID overrides to add. Requires "server" context.
      • Type: List.
    • membermanager_group:

      • List of member manager groups assigned to this group. Only usable with IPA versions 4.8.4 and up.
      • Type: List.
    • membermanager_user:

      • List of member manager users assigned to this group. Only usable with IPA versions 4.8.4 and up.
      • Type: List.
    • name:

      • The group (internally gid).
      • Type: String.
    • nomembers:

      • Suppress processing of membership attributes
      • Type: Bool.
    • nonposix:

      • Create as a non-POSIX group
      • Type: Bool.
    • posix:

      • Create a non-POSIX group or change a non-POSIX group to a POSIX group.
      • Type: Bool.
    • rename:

      • Rename the group object
      • Type: String.
    • service:

      • List of service names assigned to this group. Only usable with IPA versions 4.7 and up.
      • Type: List.
    • user:

      • List of user names assigned to this group.
      • Type: List.

idoverrideuser

  • User ID overrides to add. Requires "server" context.
  • Type: List.

membermanager_group

  • List of member manager groups assigned to this group. Only usable with IPA versions 4.8.4 and up.
  • Type: List.

membermanager_user

  • List of member manager users assigned to this group. Only usable with IPA versions 4.8.4 and up.
  • Type: List.

name

  • The group name
  • Type: List.

nomembers

  • Suppress processing of membership attributes
  • Type: Bool.

nonposix

  • Create as a non-POSIX group
  • Type: Bool.

posix

  • Create a non-POSIX group or change a non-POSIX group to a POSIX group.
  • Type: Bool.

rename

  • Rename the group object
  • Type: String.

service

  • List of service names assigned to this group. Only usable with IPA versions 4.7 and up.
  • Type: List.

state

  • State to ensure
  • Type: String. One of present, absent, renamed.
  • Default: present

user

  • List of user names assigned to this group.
  • Type: List.

Examples

# Create group ops with gid 1234
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: ops
    gidnumber: 1234

# Create group sysops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops

# Create group appops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: appops

# Create multiple groups ops, sysops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: ops
      gidnumber: 1234
    - name: sysops

# Add user member pinky to group sysops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    action: member
    user:
    - pinky

# Add user member brain to group sysops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    action: member
    user:
    - brain

# Add group members sysops and appops to group ops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: ops
    group:
    - sysops
    - appops

# Add user and group members to groups sysops and appops
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: sysops
      user:
        - user1
    - name: appops
      group:
        - group2

# Rename a group
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: oldname
    rename: newestname
    state: renamed

# Create a non-POSIX group
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: nongroup
    nonposix: yes

# Turn a non-POSIX group into a POSIX group.
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: nonposix
    posix: yes

# Create an external group and add members from a trust to it.
# Module will fail if running under 'client' context.
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: extgroup
    external: yes
    externalmember:
    - WINIPA\Web Users
    - WINIPA\Developers

# Create multiple non-POSIX and external groups
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: nongroup
      nonposix: true
    - name: extgroup
      external: true

# Remove groups sysops, appops, ops and nongroup
- ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops,appops,ops,nongroup
    state: absent
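
The examples above pass the admin password inline and do not exercise membermanager_user or member removal. The following play is an added example, not part of the LFOps documentation; the host group ipaserver, the variable vault_ipaadmin_password (assumed to be defined in an Ansible Vault encrypted vars file), and the group and user names are assumptions.

```yaml
---
# Added example, not from the LFOps documentation.
# Assumptions: inventory group "ipaserver", a vaulted variable
# "vault_ipaadmin_password", and placeholder group/user names.
- name: Delegate membership management of a privileged group
  hosts: ipaserver
  become: true
  gather_facts: false

  tasks:
    # Create the group without members; membership is handled separately below.
    - name: Ensure the non-POSIX group dbadmins exists
      linuxfabrik.lfops.ipagroup:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: dbadmins
        description: Database administrators
        nonposix: true

    # A member manager may add and remove members of this one group
    # without holding a broader IPA admin role (IPA 4.8.4 and up).
    - name: Allow user brain to manage membership of dbadmins
      linuxfabrik.lfops.ipagroup:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: dbadmins
        action: member
        membermanager_user:
          - brain

    # action: member combined with state: absent removes only the listed
    # members and leaves the group itself in place.
    - name: Remove user pinky from dbadmins
      linuxfabrik.lfops.ipagroup:
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
        name: dbadmins
        action: member
        state: absent
        user:
          - pinky
```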

Authors

  • Thomas Woerner (@t-woerner)